From 7c5cc63dc61f96ab94eb188e9103f9d1b5d8a493 Mon Sep 17 00:00:00 2001 From: Norbert Szulc Date: Sat, 30 Aug 2025 11:49:03 +0000 Subject: [PATCH] Add UnitCommitStatus --- models/unit/unit.go | 16 ++++++++++++++++ routers/api/v1/api.go | 38 ++------------------------------------ services/context/api.go | 12 ------------ 3 files changed, 18 insertions(+), 48 deletions(-) diff --git a/models/unit/unit.go b/models/unit/unit.go index c0560678ca..89740c791c 100644 --- a/models/unit/unit.go +++ b/models/unit/unit.go @@ -33,6 +33,7 @@ const ( TypeProjects // 8 Projects TypePackages // 9 Packages TypeActions // 10 Actions + TypeCommitStatus // 11 Commit Status // FIXME: TEAM-UNIT-PERMISSION: the team unit "admin" permission's design is not right, when a new unit is added in the future, // admin team won't inherit the correct admin permission for the new unit, need to have a complete fix before adding any new unit. @@ -65,6 +66,7 @@ var ( TypeProjects, TypePackages, TypeActions, + TypeCommitStatus, } // DefaultRepoUnits contains the default unit types @@ -77,8 +79,10 @@ var ( TypeProjects, TypePackages, TypeActions, + TypeCommitStatus, } + // TODO(not7cd): Defaults that need TypeCommitStatus // ForkRepoUnits contains the default unit types for forks DefaultForkRepoUnits = []Type{ TypeCode, @@ -237,6 +241,7 @@ func (u Unit) MaxPerm() perm.AccessMode { } // Enumerate all the units +// TODO(not7cd): Add TypeCommitStatus var ( UnitCode = Unit{ TypeCode, @@ -328,6 +333,16 @@ var ( perm.AccessModeOwner, } + // TODO(not7cd): Just copied this + UnitCommitStatus = Unit{ + TypeCommitStatus, + "repo.commitstatus", + "/statuses", + "commitstatus.unit.desc", + 8, + perm.AccessModeOwner, + } + // Units contains all the units Units = map[Type]Unit{ TypeCode: UnitCode, @@ -340,6 +355,7 @@ var ( TypeProjects: UnitProjects, TypePackages: UnitPackages, TypeActions: UnitActions, + TypeCommitStatus: UnitCommitStatus, } ) diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index d83da47981..8255065d1c 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -455,28 +455,6 @@ func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) { } } -// reqRepoCommitStatusWriter user should have a permission to write to commit -// statuses, or write to a repo, or be a site admin -func reqRepoCommitStatusWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) { - return func(ctx *context.APIContext) { - // TODO(not7cd) - if !ctx.IsUserRepoWriter(unitTypes) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() { - ctx.APIError(http.StatusForbidden, "user should have a permission to write to a repo") - return - } - } -} - -// TODO(not7cd): do I need this? -// // reqRepoBranchWriter user should have a permission to write to a branch, or be a site admin -// func reqRepoBranchWriter(ctx *context.APIContext) { -// options, ok := web.GetForm(ctx).(api.FileOptionInterface) -// if !ok || (!ctx.Repo.CanWriteToBranch(ctx, ctx.Doer, options.Branch()) && !ctx.IsUserSiteAdmin()) { -// ctx.APIError(http.StatusForbidden, "user should have a permission to write to this branch") -// return -// } -// } - // reqRepoReader user should have specific read permission or be a repo admin or a site admin func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) { return func(ctx *context.APIContext) { @@ -487,18 +465,6 @@ func reqRepoReader(unitType unit.Type) func(ctx *context.APIContext) { } } -// reqRepoReader user should have specific commit status read permission, or -// repo read permission, or be a repo admin or a site admin -func reqRepoCommitStatusReader(unitType unit.Type) func(ctx *context.APIContext) { - return func(ctx *context.APIContext) { - // TODO(not7cd) - if !ctx.Repo.CanRead(unitType) && !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() { - ctx.APIError(http.StatusForbidden, "user should have specific read permission or be a repo admin or a site admin") - return - } - } -} - // reqAnyRepoReader user should have any permission to read repository or permissions of site admin func reqAnyRepoReader() func(ctx *context.APIContext) { return func(ctx *context.APIContext) { @@ -1433,8 +1399,8 @@ func Routes() *web.Router { }, mustAllowPulls, reqRepoReader(unit.TypeCode), context.ReferencesGitRepo()) m.Group("/statuses", func() { m.Combo("/{sha}").Get(repo.GetCommitStatuses). - Post(reqToken(), reqRepoCommitStatusWriter(unit.TypeCode), bind(api.CreateStatusOption{}), repo.NewCommitStatus) - }, reqRepoCommitStatusReader(unit.TypeCode)) + Post(reqToken(), reqRepoWriter(unit.TypeCommitStatus), bind(api.CreateStatusOption{}), repo.NewCommitStatus) + }, reqRepoWriter(unit.TypeCommitStatus)) m.Group("/commits", func() { m.Get("", context.ReferencesGitRepo(), repo.GetAllCommits) m.Group("/{ref}", func() { diff --git a/services/context/api.go b/services/context/api.go index cc8e4f65ca..ab50a360f4 100644 --- a/services/context/api.go +++ b/services/context/api.go @@ -367,15 +367,3 @@ func (ctx *APIContext) IsUserRepoAdmin() bool { func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool { return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) } - -// IsUserRepoWriter returns true if current user has write commit status privilege in current repo -func (ctx *APIContext) IsUserCommitStatusWriter(unitTypes []unit.Type) bool { - for _, unitType := range unitTypes { - // TODO - if ctx.Repo.CanWrite(unitType) { - return true - } - } - - return false -}